Hello I need help . I have following problem. I'm creating VLAN ID 10 and when I adding this VLAN to bridge I can see only this router everything what is connected to it I can't see. But from router itself i can ping all network.
ip link add link lan4 name lan4.10 type vlan id 10
brctl addif br-lan lan4.10
root@OpenWrt:~# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.225464bd8189 yes lan1
lan2
lan3
lan4.10
lan5
If I disable VLAN from switch and connect to router via lan3 or lan2 or lan5 network is running fine. Router is ramips/mt7621
STP doesn't need such help and it looks like poor design.
By default all ports are bridged. If you want them separated you create vlans and assign them to each port. There is no point to bridge them again afterwards.
I have exactly the same problem, and my solution was to downgrade back to 19.07 that works like a dream.
My network topology is quite common. I have an internet gateway router and 2 wifi repeaters. One physical LAN connects the 3 OpenWRT routers in a star configuration with a managed switch in the middle. Over the one physical LAN I create 2 VLANs 1 and 96. VLAN 1 is main internal LAN, VLAN 96 is for guests so that I keep the traffic segregated.
This can be achieved very easily with OpenWRT 19.07. However it does not work at all after the mess they have done in OpenWRT 21.02 with the switch configuration. What happens is that I can associate an interface to the ethernet (eth0.96) device and the 96 vlan works (routers can see each other), but then when I associate the wireless guest network to the guest interface, wireless can't get through. If instead I create a bridge (with eth0.96) device attached, and I associate the wireless network to it, then wifi works (only local to that router), but the router can't ping the other routers on the vlan.
Since I see that the only new nice feature brought with 21.02 is the larger graphs under Statistics, I 'upgraded' back to 19.07 which is a far superior firmware.
Until they fix this properly or they revert back to how VLANs were in 19.07, release 21.02 will be unusable. Too many issues, as this, isn't the only issue, there is more.
I have a similar scenario at home: the ATA provided by my ISP requires to be connected on a port with tagged VLAN X. However, VoIP can travel even without the VLAN tag using the default pppoe-wan interface. For this reason, instead of connecting it to the ISP network and after that the router, I can connect it after the router on a tagged port without briding WAN and that LAN port.
In 19.07, I used to create a eth0.X interface with tagged VLAN and then bridge it to the others, so that the box could receive DHCP from the br-lan interface and be reachable from other devices because the br-lan was automatically able to add and remove VLAN tags,as described in this page from the wiki: https://openwrt.org/docs/guide-user/network/vlan/switch_configuration:
When you bridge non-VLAN and VLAN interfaces together, the system takes care about adding VLAN ID when sending packet from non-VLAN to VLAN interface, and it automatically removes the VLAN ID when sending packet from VLAN interface to non-VLAN one.
WIth 21.02, my approach is to create a lan4.X 802.11q interface and then bridge it to br-lan.
The result almost works: the box receives the IP from the router and can receive and make phone calls, however it is only reachable from the router itself, not by other devices in the LAN as before.
It seems that the bridge is not behaving as the quoted text, but tries to send on the tagged interface untagged packets.
[EDIT] I forgot to specify that the router is based on MT7621, so MT7530 switch.
doesn't work: I can't ping the router from my computer (on LAN1) and the phone doesn't work.
May it be related to the MT76 and how the CPU port is treated (there is just one big eth0 interface and also the WAN is DSA managed).
However, it doesn't solve the "problem". I'll give some more details.
The VoIP device expects tagged traffic on vlan 5 and unfortunately there is no way to access the management page to modify this setting. VoIP credentials of my ISP, however, work even without the tag (I can set up Linphone on my Mac and phone using the normal - untagged - internet). So I wanted to reuse without using the 5-tag on the WAN.
So in 19.07, I created a eth0.5 interface and bridged it to eth0.1 interface, so that the ATA box could receive the DHCP setting from the router and be pingable from other hosts in the LAN. The bridge automatically added and removed vlan tags to and from the ATA box.
I know that I could set up another bridge interface on the other VLAN and set up a new DHCP server, but my goal was to have a single one on the same subnet and just "remove "the vlan tag from the box.
The setting was the following:
I can't get the same result in 21.02. I can use a different dhcp server on br-lan.5 of course to reach the ATA box; another option is to add lan4.5 to br-lan so I can have the box on the same subnet, but not reachable because the bridge itself is not able to correctly remove and add vlan tag (but on the forum i found out that it seems to be a problem of MT76, that the CPU port - eth0 - is not tagged).
To sum up, I don't really need a different VLAN scenario, just a way to remove the tag from the device when added to the bridge.
Do you need the tagged VLAN 1 on the LAN side anyway?
If not, remove the VLAN 1, set lan1~3 to untagged in VLAN 5, and set LAN interface's device to br-lan.5.
I tried that as well and still it doesn't work.
I'm really starting to believe that there is a bug in the MT7530 switch, as if the packet is not sent over the bridge but directly on fabric without adding the tag, unfortunately I don't have other chipsets to try.
Hello, maybe you can help me with the following problem. Wi-Fi Access Point (WDS) doesn't work when VLAN filtering is enabled. I can connect to this AP. but don't have access to the network. When I set WiFi as a client (WDS) it works fine.
